Google Apps has become an increasingly popular set of productivity tools for business users, but the discovery of a flaw that could allow cybercriminals to conduct email spoofing using the admin console may have some early adopters concerned.

Security researchers Patrik Fehrenbach and Behrouz Sadeghipour explained in a blog post how they found an imperfection that involves using a Google Apps domain name that hasn’t already been claimed by a customer. In a series of tests, they were able to commit email spoofing — in other words, sending out messages through someone else’s Google Apps domain.

Although there is no evidence cybercriminals have exploited the flaw, it represents a particularly dangerous threat. In many attempts to spread malware via email, cybercriminals are often forced to create phony or suspicious-looking addresses that may not look enough like the real thing. In this case, the Google Apps admin tool could let anyone impersonate a legitimate organization much more effectively if, for example, they were committing phishing attacks.

Likely to underscore the severity of the threat, researchers used the flaw to commit email spoofing from domains related to Google itself. ZDNet reported that “[email protected]” and “[email protected]” were among the variations used. It’s little wonder Google wasn’t just quick to fix the problem, but to award the researchers a prize of $500.

Unfortunately, this isn’t the first security issue involving Google’s business tools. As SecurityWeek pointed out, the admin console has also been plagued by a cross-scripting vulnerability as recently as two months ago. The fact that Google fixed the email spoofing problem by simply adding “[email protected]” for unverified domains shows how simple some of these attacks are becoming.

It’s also rather ironic that, in December, Google introduced a series of enterprise security features for Google Apps. These included a Devices and Activities Dashboard, as explained by the Financial Post, that would help administrators monitor for questionable behavior. Nevertheless, one might argue that hijacking email domains could be even worse.

Over the next week, Google may offer a more comprehensive fix for email spoofing, The Hacker News said. In the meantime, it’s always best to consider that, if an email message looks a little off, it probably is.

Image Source: Flickr

More from

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…